Vulnerability in Yhirose Cpp-httplib
CVE-2026-32627
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate…
Vulnerability class: Improper Certificate Validation
EPSS: 0.000 (10.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N.
Affected products
- Yhirose Cpp-httplib — versions < 0.37.2
Weakness classification (CWE)
References
- https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-c3h8-fqq4-xm4g (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2026-32627?
- CVE-2026-32627 is a high-severity vulnerability in Yhirose Cpp-httplib, classified under Improper Certificate Validation. CVSS score: 8.7/10. Published 2026-03-13.
- How severe is CVE-2026-32627?
- High severity. CVSS v3 base score is 8.7 out of 10.